03-01-2018 08:58 AM
Hi,
I have a customer looking to use the SCEP client on IGEL Linux thin clients.
1. Is ISE Internal CA (with SCEP) supported for Non-Anyconnect endpoints also ?
2. Same as above, Is ISE SCEP Proxy isupported for external SCEP clients?
Naman
03-01-2018 03:13 PM
The ISE internal certificate server scep was created for our BYOD flow to onboard Apple iOS/macOS windows and chrome native supplicants
It has nothing to do with the anyconnect agent and should not be used for anyconnect NAM onboarding
You can also utilize the internal CA with the certificate provisioning portal to create certs for those endpoints that can’t go through the BYOD flow either manually using the portal or through API
What you’re asking for is the Linux client to onboard its certificate and native supplicant through our BYOD scep process. This may work but has not been tested or documented on how you could get it to work without one of the supported clients.
I will research and update this thread
03-01-2018 03:45 PM
Thanks.
03-06-2018 09:53 AM
The SCEP service in ISE has only been tested with ASA. See ISE as SCEP server
You are welcome to try it with another SCEP client and report your results here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide